Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
New enterprise CA
0 views
Skip to first unread message
Danny Cooper
Feb 10, 2004, 4:52:08 AM2/10/04
to
I want to replace a single-box Windows 2000 enterprise root CA with
another three-tier one based on Windows Server 2003. Is it possible to
migrate the existing certificates from the old PKI CA to the new one -
and allow me to switch off the old one?
I have read the this type of action should be supported in a PKI, but
only once.
Danny.
![David Cross [MS]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
David Cross [MS]
Feb 10, 2004, 8:32:32 AM2/10/04
to
It is best that you just stop issuing certs from the existing CA and setup
the new hierarchy in parallel. You can upgrade to 2003, but you cannot move
a root CA to a subCA or vice versa.
the new hierarchy in parallel. You can upgrade to 2003, but you cannot move
a root CA to a subCA or vice versa.
--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Danny Cooper" <danny....@bbc.co.uk> wrote in message
news:58ah20h6injbeisji...@4ax.com...
Danny Cooper
Feb 11, 2004, 8:38:11 AM2/11/04
to
So if the original issuing CA was also the root, it can't be moved to
another hierarchy's subordinate CA?
What if I imported the root certificate from the old hierarchy to the
new root, then created the new subordinate CA of it with the same name
as the old CA - and imported the old CAs certificate database?
Alternatively, what will the domain controllers do when they find they
can't locate the old CA for certificate renewal?
Danny.
0 new messages